lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c34bb102-613b-5713-4e96-aa99a3e3c6d2@infradead.org>
Date:   Fri, 2 Oct 2020 10:28:51 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Thorsten Leemhuis <linux@...mhuis.info>,
        Jonathan Corbet <corbet@....net>
Cc:     linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v1 12/26] docs: reporting-bugs: tell users to disable
 DKMS et al.

On 10/1/20 1:39 AM, Thorsten Leemhuis wrote:
> Tell users to disable solutions like DKMS to make sure the mainline
> kernel they have to install later remains vanilla. The old text did not
> do that, but back when it was written these solutions were not that
> widespread.
> 
> Signed-off-by: Thorsten Leemhuis <linux@...mhuis.info>
> ---
>  Documentation/admin-guide/reporting-bugs.rst | 21 ++++++++++++++++++++
>  1 file changed, 21 insertions(+)
> 
> diff --git a/Documentation/admin-guide/reporting-bugs.rst b/Documentation/admin-guide/reporting-bugs.rst
> index 05de4e0259cb..d96b21512c03 100644
> --- a/Documentation/admin-guide/reporting-bugs.rst
> +++ b/Documentation/admin-guide/reporting-bugs.rst
> @@ -562,6 +562,27 @@ or reinstall the operating system as well as everything you need to restore the
>  backup.
>  
>  
> +Make sure your kernel doesn't get enhanced
> +------------------------------------------
> +
> +    *Ensure your system does not enhance its kernels by building additional
> +    kernel modules on-the-fly locally, which solutions like DKMS might be doing
> +    without your knowledge.*
> +
> +Your kernel will stop being 'vanilla' as soon as it loads a kernel module not
> +build from the sources used to compile the kernel image itself. That why you

   built                                                           That is why you

> +need to ensure your Linux kernel stays vanilla by removing or disabling
> +mechanisms like akmods and DKMS: those might build additional kernel modules
> +automatically, for example when your boot into a newly installed Linux kernel
> +the first time. Reboot after removing them and any modules they installed.
> +
> +Note, you might not be aware that your system is using one of these solutions:
> +they often get set up silently when you install Nvidias proprietary graphics

                                                   Nvidia's

> +driver, VirtualBox, or other Software that requires a some support from a module
> +not part of the Linux kernel. Your package manager might thus force you to
> +remove those, too.
> +
> +
>  .. ############################################################################
>  .. Temporary marker added while this document is rewritten. Sections above
>  .. are new and dual-licensed under GPLv2+ and CC-BY 4.0, those below are old.
> 


-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ